CVE-2021-26312

CWE-665 CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 68.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7232p Firmware AMD Epyc 7251 Firmware AMD Epyc 7252 Firmware +57 more

Timeline

PublishedNov 16

Latest updateNov 17

Description

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages60 packages

▶NVDamd/epyc_7251_firmware< naplespi-sp3_1.0.0.g

▶NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.c

▶NVDamd/epyc_7261_firmware< naplespi-sp3_1.0.0.g

▶NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.c

▶NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.c

🔴Vulnerability Details

GHSA

GHSA-vxp2-rm45-4pjg: PSP protection against improperly configured side channels may lead to potential information disclosure↗2021-11-17

▶

CVEList

CVE-2021-26312: Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should n↗2021-11-16

▶